Agent-based scanning for AE customers with prior Endpoint Central installation
With the AE 6900 release, agent-based scanning for Windows, Linux, and Mac machines is introduced. This feature is provided by ManageEngine Endpoint Central (formerly Desktop Central). As ME Endpoint Central is already installed in your environment, the same installation can be used for scanning Windows, Linux and Mac machines in your environment for the number of nodes purchased in AE
Note for customers already using any other UEMS products other than ME Endpoint Central
If any of the following ME products are installed and used in your environment, we recommend you contact our support before proceeding with this installation for configuring changes in asset inventory.
-
Patch Manager Plus On-Premise/Cloud
-
Remote Access Plus On-Premise/Cloud
-
Device Control Plus
-
Vulnerability Manager Plus
-
Patch Manager Plus Cloud
-
Endpoint Central (formerly Desktop Central) Cloud
Feature changes related to scanning from AE 6900
-
Support for scanning Windows machines using WMI has been removed.
-
Support for scanning Linux and Mac machines using SSH/Telnet has been removed.
-
All Windows, Linux, and Mac machines can be scanned only by installing Endpoint Central agents in remote machines.
About Endpoint Central
Endpoint Central (formerly Desktop Central) is a robust unified endpoint management system. It comprises features like Patch Management, Software Deployment, Endpoint security, OS imaging, and deployment, etc. Agents from Endpoint Central improve AssetExplorer' asset scanning functionality by fetching complete hardware details during the scan as well as maintaining the uniformity of data fetched across Windows, Linux, and Mac machines. Endpoint Central agent integration also avoids the need to have two agents for users who already have integration between AssetExplorer and Endpoint Central.
Features from Endpoint Central for existing customers of AE migrating to AE 6900 version
i. Agent-based inventory of Windows, Mac, and Linux machines
ii. Warranty information for devices
iii. Remote control for Windows, Mac, and Linux machines
iv. Auto upgrade of agents to newer versions
Other features from Endpoint Central for existing customers of AE who migrate to AE 6900 version and later purchase AE UEM Remote Access Plus Add on
i). Chat *
ii). Wake-on-LAN *
iii). Announcement (supported in ServiceDesk Plus and not supported in AssetExplorer) *
iv). System manager *
No, the inventory and remote control functionalities for Windows, Linux, and Mac machines and warranty information of devices are the only features provided for AE customers through Endpoint Central after deployment of Endpoint Central agents.
Ports used in Endpoint Central
Server
|
Port |
Purpose |
Type |
Connection |
|
8383 |
For communication between the agent and the Endpoint Central server
Source: Agent
Destination: Endpoint Central server
|
HTTPS |
In bound to server |
|
8027 |
The notification server port is responsible for communicating on-demand operations from the server to the agent. |
|
In bound to server |
Tools and Remote Control
|
Port |
Purpose |
Type |
Connection |
|
8444 |
For Sharing remote desktops, System Manager, Chat |
HTTP |
In bound to server |
|
8032 |
For transferring files |
HTTP |
In bound to server |
|
8443 |
For Sharing Remote Desktops, System Manager, Chat |
HTTPS/UDP (for voice & video chat) |
In bound to server |
|
8031 |
For transferring files |
|
In bound to server |
Database supported by Endpoint Central
OS supported by Endpoint Central agents
Endpoint Central agents can be installed on machines with the following OS
Windows OS
-
Windows 11
-
Windows 10
-
Windows 8.1
-
Windows 8
-
Windows 7
-
Windows Vista
-
Windows XP
Windows Server OS
-
Windows server 2019
-
Windows server 2016
-
Windows server 2012 R2
-
Windows server 2012
-
Windows server 2008 R2
-
Windows server 2008
-
Windows server 2003 R2
-
Windows server 2003
Mac
-
10.7 Lion
-
10.8 Mountain Lion
-
10.9 Mavericks
-
10.10 Yosemite
-
10.11 El Capitan
-
10.12 Sierra
-
10.13 High Sierra
-
10.14 Mojave
-
10.15 Catalina
-
11.0 Big Sur
Linux
-
Ubuntu 10.04 and later versions
-
RedHat Enterprise Linux 6 and later versions
-
CentOS 6 and later versions
-
Fedora 19 and later versions
-
Mandriva 2010 and later versions
-
Debian 7 and later versions
-
Linux Mint 13 and later versions
-
Open SuSe 11 and later versions
-
Suse Enterprise Linux 11 and later versions
-
Pardus 17, and 19
-
Oracle Linux Server 6, 7, and 8
Steps for switching to Endpoint Central agents
Previously, AE agents were supported only for Windows OS, from the 6.9 version of AE, Endpoint Central is being used for agent-based scan for Windows, Linux, and Mac OS. Therefore, users are requested to switch to Endpoint Central agents.
Note: If the number of nodes purchased in AE is more than the number of nodes in Endpoint Central, the older AE agents have to be uninstalled and the new Endpoint Central agents have to be installed.
Below are the steps for switching to Endpoint Central agents.
Step 1: Configuring the Agent settings
Step 2: Ensure ports used by Endpoint Central are open
Step 3: Downloading Endpoint Central agents for Windows, Linux, and Mac machines
Step 4 : Replacing AE agents with Endpoint Central agents in Windows machines
Step 5 : Uninstalling Windows AE agents
If step 3 above is not followed and step 5 is followed during the installation of Windows agents, then the old AE agents will still remain in the remote client machines. Follow the below method to uninstall the AE agents.
You can uninstall the ServiceDesk Plus Windows Agents by executing the UnInstallAgent.vbs as a GPO in Active Directory. The agents will be removed once the machines boot up.
Follow the below steps to configure a GPO in Active Directory
-
Create a network share (e.g,\\MyServer\MyShare).
-
Download and place UninstallAgent.vbs
-
From your Domain Controller, click Start >> run >> enter gpmc.msc and click OK. If gpmc is not installed in your Active Directory, install gpmc and proceed.
-
Right-click the domain and select Create and Link a GPO and specify a name for GPO.
-
Right-click the GPO and click Edit.
-
Select Computer Configuration>>Windows Settings>>Scripts and right-click Startup and click Properties.
-
Click Show Files and drag and drop the UninstallAgent.vbs(downloaded above) to this location and close.
-
In the Startup Properties dialog box, click <strong>Add.</strong>
-
Browse and select the UninstallAgent.vbs script.
-
Click OK to close the Add a Script dialog box and the Startup Properties dialog box
-
Close the Group Policy Object Editor and Group Policy Management dialog box.
The agent will be uninstalled automatically when the client computers start.
Step 6 : Other methods for deploying Endpoint Central agents in Windows
Step 7: Imaging a Windows computer with a Endpoint Central agent
Step 8: Deploying Endpoint Central agents in Linux
Step 9: Deploying Endpoint Central agents in Mac
Step 10: What if Remote AE servers are used?
Step 11: Procedure for AE running with Fail Over Service(FOS) enabled
Agent - Server communication in Endpoint Central
Operations such as scanning a device, taking remote control of a device or tools action from AE is performed in the remote machines through Endpoint Central server and Endpoint Central agents.
The Endpoint Central agent communicates with the Endpoint Central server immediately after its installation in the remote machine and posts the inventory data. The Endpoint Central agent communicates with the Endpoint Central server through HTTPS during system startup and every 90 minutes thereafter till the system is shut down, gets the actions to be performed in the remote machine, and executes it. This 90 minutes policy is majorly used for any asynchronous operations like schedule scan, any agent configuration changes, etc.
Endpoint Central agents also establish a session with the Endpoint Central server through TCP for getting notified for actions that have to be executed on demand like Scan Now or remote control.
Is agent server communication secure?
By default, the Agent-Server communication will happen through HTTPS (Encrypted) communication. These steps enforce trusted HTTPS communication between agent and server. These configurations can be enabled under Agent security settings
Enable certificate-based authentication for agent-server communication
Enabling this option would have the agent-server communication with client certificate authentication. Enabling this option in AE would in turn enable this setting in Endpoint Central too. Click here for more details on the procedure.
Enable agent-server trusted communication
Before enabling this setting, it is required that a valid third-party SSL certificate is applied in Endpoint Central. Click here for steps to configure SSL certificate in Endpoint Central, this has to be done only from the Endpoint Central console.
Note: Once this setting is enabled it cannot be disabled again as the agents will fail to communicate with the server again. Enabling this setting would enable it in Endpoint Central too and have the agent-server communication to be trusted. Click here for a detailed procedure.
Agent resource utilization
All the below data are predicted from a single agent machine. Disk space will be consumed up to 1GB (approximately) from the agent installed drive.
|
Agent Process |
Running application name |
Bandwidth consumption(approximately) |
CPU consumption(approximately) |
Memory (RAM) consumption (approximately) |
|
At Agent Idle state |
dcagentservice.exedcondemand.exedcagenttrayicon.exe(Running separateapplication for eachlogged on user)(For windows andMac)[ Above 3 are everrunning processes ] |
1 Kbps |
0-2% |
11 MB |
|
Refresh policy(90 mins once -without any deployment) |
dcconfig.exe |
4KB |
0-2% |
6MB |
|
Inventory scan(At Scheduled time in server) |
dcinventory.exe |
2MB |
17-20% |
14MB |
|
Agent Upgrade(Applying PPMand If agentversionchanges) |
dcconfig.exe AgentUpgrader.exe |
20MB |
2-5% |
3MB |